How many passwords do you use on a given day? If you work in any IT profession, there is a good chance you have dozens to remember and use. How do you keep track of this mountain of login credentials?
You could write them all down, add them to a spreadsheet or text file, or use the same password on every site you interact with. These options can work for you, but they leave a lot of room for error. Physical writing can be stolen, files can be corrupted or lost, and using the same password everywhere means that a hacker only needs to uncover one of your passwords to get access to every service you use.
Many members of our team have opted instead to use password managers. These systems and services keep all of your passwords secure, and make it easier for you to access them, without making them visible to any prying eyes. They offer advanced security features such as end-to-end encryption (in addition to encrypted storage), multi-factor authentication, automatic form filling, multi-system sync, and other additional features.
In the wake of the Heartbleed bug, password management services like LastPass and 1Password received a surge of interest by concerned people that want an easier way to not only keep their passwords secure, but to track whether or not they need to be changed in the wake of the bug.
Below, we have listed several password managers that provide exceptional security.
Several of our team members use 1Password.
Brian Towles, our resident Geekus Maximus, pointed out its synchronization, multi-platform support, browser integration, and ease of use as some of its best features. This is in addition to its tamper-proof AES-256 encryption.
Karol Orzeł, one of our developers, said: “I have tried several online and cross-platform alternatives like KeePassX, but 1Password was easiest to use, with a clean interface and Dropbox sync.”
1Password secures passwords a little differently than LastPass. Data isn’t sent to 1Password at all. It has no idea how the user is using the software. Data is stored locally and synced via Wi-Fi, or it can be synced using Dropbox or iCloud. This ensures that a breach at 1Password really won’t have any affect on your data at all. You can determine how and where your data is used.
Even if Dropbox were to be breached, your data is totally encrypted and only someone with your master password would have access to it. You can even have multiple vaults, allowing you to share specific information with individuals in your team or family, without giving them everything.
1Password is a bit pricier than several of the other methods in this overview. It is priced per platform, meaning that you will need to buy the program multiple times to cover different operating environments. 1Password supports Windows, OS X, iOS, and Android.
One very popular solution is LastPass. It is highly recommended by security expert Steve Gibson and trusted by its massive customer base for its overwhelming amount of options.
256-bit AES encryption, one-way salted hashes, and PBKDF2 iterations are just a few of the features LastPass brings to the table. Encryption and decryption all happens on the local machine, giving LastPass nothing more than a garbled mess of data (which it stores securely).
One of the things that makes LastPass so appealing to users is its low price. The free version has pretty much everything the Pro version has, minus mobile support. This includes multi-factor authentication which does support fingerprint scanning as an option, automatic password generators, form filling, additional data security, and even credit monitoring (USA only).
LastPass installs as a browser extension, with a standalone program available for Pro users, and is compatible with Safari, Chrome, Firefox, IE 8+, and Opera. It’s also cross-platform, with options for Windows, Linux, OS X, mobile (Pro only).
LastPass is free to use, with the Pro edition priced at $12/year.
KeePass is completely free. It’s also open source, which makes many security experts happy knowing that they can look through the source code themselves for any issues that might arise.
KeePass doesn’t have the same browser integration or multi-device sync you’ll find in commercial solutions, but it does support multiple user keys, and key files which enable you to use a file as your password instead of a string of characters. This file can be stored on an external disk that you keep with you.
Speaking of portability, KeePass can be stored and launched from a thumb drive, allowing you to use it without even installing anything on the local machine.
The program also utilizes strong AES encryption coupled with the Twofish algorithm to encrypt its password database.
RoboForm is all about choice. It allows you to choose whether or not you wish to have your password data secured in the cloud.
You have the option to either use a device-based management solution that stores and encrypts data within the single device, or to use an accessible-anywhere plan that enables you to sync the same password database across multiple devices and platforms.
One of RoboForm’s greatest strengths is its form memorization and autofill. This isn’t a unique feature to RoboForm, but it works exceptionally well with it. RoboForm has been around since 1999, and it has a stellar reputation for its ease of use and extensive feature list.
RoboForm is available in three different plans. You can try it free for up to 10 passwords, enjoy everywhere access with unlimited passwords for around $20 per year, or go with RoboForm Desktop which works for a single desktop computer and stores all the data locally for a one-time fee $29.
Dashlane is an excellent option for just about anyone. It features useful tools such as in-line password strength gauges which let you know how strong a password is as you type it in, alerts for security breaches related to any sites you have a password with, and more.
One key benefit to Dashlane is its security dashboard which gives you a quick overview of your password security situation. It lets you know if/when passwords need to be changed, and which accounts may be at risk. It also gives you a score on your overall security so you can build better password practices as you use it.
Dashlane is free to use, but if you want Web access to your passwords, you will need to pony up $29/year.